Mitel Product Security Advisory 20-0008

Mitel MiCollab Multiple Security Vulnerabilities

Advisory ID: 20-0008

Publish Date: 2020-06-25

Last Updated: 2020-06-25

Revision: 1.0

 

Summary

The SAS portal of Mitel MiCollab could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information.

The Mitel MiCollab iOS application could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device and, if successful, could allow an attacker to gain access to sensitive information.

These vulnerabilities were privately reported.

Mitel recommends that customers with affected product versions update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk for this vulnerability is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

 

External References

N/A

 

Related CVEs / CWEs / Advisories

CVE-2020-13863, CVE-2020-13767

 

Revision History
